49e91528416acb92ff4a615dc01554943dc4ff363a1e2c1e17aea62e0d8e8b77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e5f18d0413099a3049ed463f6349ad0N.exe
Size

218KB
Sample

240818-fgclwaygqq
MD5

4e5f18d0413099a3049ed463f6349ad0
SHA1

d179b67bc02aed184baf5947e65452c1029e5908
SHA256

49e91528416acb92ff4a615dc01554943dc4ff363a1e2c1e17aea62e0d8e8b77
SHA512

d069c94223caa01f2dd81c1e8817c9e1128fb02ad16f78bdfff12a3c6db61dc49e6af074c87b777c9c981d4d9d6f3a26722ce37fc792fdb526738f488b8b4fde
SSDEEP

3072:Fvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:J1SyAJp6rjn1gOObn4b6h9h

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  4e5f18d0413099a3049ed463f6349ad0N.exe
- Size
  
  218KB
- MD5
  
  4e5f18d0413099a3049ed463f6349ad0
- SHA1
  
  d179b67bc02aed184baf5947e65452c1029e5908
- SHA256
  
  49e91528416acb92ff4a615dc01554943dc4ff363a1e2c1e17aea62e0d8e8b77
- SHA512
  
  d069c94223caa01f2dd81c1e8817c9e1128fb02ad16f78bdfff12a3c6db61dc49e6af074c87b777c9c981d4d9d6f3a26722ce37fc792fdb526738f488b8b4fde
- SSDEEP
  
  3072:Fvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:J1SyAJp6rjn1gOObn4b6h9h
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence